<?php
/** 
 * Blocks URL access to a content type from the site; but can be accessed as a pointer from another domain 
 */

Plugin()->registerQueryVar('url_token');
Plugin()->registerFunction('concent_add', 'url_blocker_token');
Plugin()->registerFunction('load_template_file', 'url_blocker_check_token');
Plugin()->registerFunction('template_header', 'url_blocker_iframe_check');

function url_blocker_iframe_check() {
	$type = getQueryVar('type');
	$listing = getQueryVar('id');
	if(!isHome() && $type != 1) :
	?>
	<script type="text/javascript">
		var isInIFrame = (window.location != window.parent.location) ? true : false;
		if(!isInIFrame) {
			window.location = 'http://www.represence.com/404/';
		}
	</script>
	<?php	
	endif;	
	
}

function url_blocker_token($args) {
	$insert = $args['content_id'];
	if($args['content_type'] == 2) {
		/** Generate the token */
		$token = \application\utilities\Utility::strRand(40, 'alphanum');
		/** Add the token to the database */
		DB()->query("UPDATE `cn_content_type2` SET `c2_urlblocker_token`='$token' WHERE `c2_id`='$insert'");
	}
	
}

function url_blocker_check_token() {
	$type = getQueryVar('type');
	$id = getQueryVar('id');
	$urlToken = getQueryVar('url_token');
	/** If it's anything other than a page, make sure that it's a specific listing, not a browse or search, and that they have the right token (iframe check is with javascript in the header) */
	if($type == 2) {
		$token = DB()->getVar("SELECT `c2_urlblocker_token` FROM `cn_content_type2` WHERE `c2_id` = '$id'");
		if(!$id || ($token != $urlToken)) {
			/** 404 error */
			echo '404 error.';
			exit();
		}
		 
	}
}
 
